CN106941491A - Secure application data link layer device and communication method for a power information acquisition system - Google Patents

Publication number
CN106941491A
Authority
CN
China
Legal status
Granted
Application number
CN201710197813.8A
Other languages
Chinese (zh)
Other versions
CN106941491B (en)
Inventor
翟峰
梁晓兵
岑炜
赵兵
刘鹰
吕英杰
李保丰
付义伦
曹永峰
许斌
孔令达
徐文静
冯占成
任博
张庚
杨全萍
周琪
袁泉
卢艳
韩文博
李丽丽
Current Assignee
State Grid Corp of China SGCC
China Electric Power Research Institute Co Ltd CEPRI
Original Assignee
State Grid Corp of China SGCC
China Electric Power Research Institute Co Ltd CEPRI
Application filed by State Grid Corp of China SGCC, China Electric Power Research Institute Co Ltd CEPRI
Priority to CN201710197813.8A
Publication of CN106941491A
Application granted
Publication of CN106941491B
Current legal status: Active

Classifications

All classifications fall under H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication).

    • H04L63/0428 Network security: confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/062 Network security: key management in a packet data network, for key distribution, e.g. centrally by trusted party
    • H04L63/08 Network security: authentication of entities
    • H04L63/0815 Network security: authentication of entities providing single-sign-on or federations
    • H04L63/0823 Network security: authentication of entities using certificates
    • H04L63/12 Network security: applying verification of the received information
    • H04L63/123 Network security: verification of received data contents, e.g. message integrity
    • H04L63/162 Network security: implementing security features at the data link layer
    • H04L63/168 Network security: implementing security features above the transport layer
    • H04L67/141 Session management: setup of application sessions
    • H04L9/3247 Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures

Abstract

The secure application data link layer communication method for a power information acquisition system of the present invention includes: the terminal composes secure application data link layer (SAL) login and heartbeat messages to log in to the communication server; a session is established between the terminal and the acquisition server; the acquisition server initiates data interaction; the terminal reports data. During acquisition-server-initiated data interaction and terminal data reporting, data exchanged between the terminal and the security gateway is encapsulated in the SSL protocol format to provide encryption protection, and data exchanged between the security gateway and the acquisition server is encapsulated in the APP protocol format to provide encryption protection. Building on the existing application-layer encryption protocol based on the key and digital certificate management service system, the invention establishes a link-layer encryption-protected communication method for the power information acquisition system and increases the security of the power information acquisition system.

Description

Secure application data link layer device and communication method for a power information acquisition system
Technical field
The present invention relates to the field of information security, and more particularly to a secure application data link layer device and communication method for a power information system.
Background
Since 2009, State Grid Corporation of China, taking "full coverage, full collection, full control" as its construction objective, has promoted construction of the power information acquisition system according to the principle of "unified planning, unified standards, unified implementation". To date, a cumulative 384 million smart electricity meters have been installed, and the power information acquisition system covers more than 400 million power consumers. At present, construction of the acquisition system master stations of the 27 provincial companies in the State Grid Corporation of China system has been fully completed and put into operation, and the collected data is applied in many business areas, including meter-based billing, business inspection, line loss analysis, business process systems, fault repair, orderly power consumption, interactive services, electricity trading, distribution network operation and power quality monitoring.
Currently, the power information acquisition system has a high degree of information integration and fusion and strong dependencies between systems; real-time interaction between business systems, and between business systems and external users, is richer and more frequent; and the terminals connected to the system are huge in number and diverse in type, making its operating environment increasingly complex. The methods and intensity of attacks against the power information acquisition system also show a rising trend. To address the security risks the power information acquisition system faces and the specific situations that arise in practical use, State Grid Corporation has built a unified key and digital certificate management service system, studied power information security protection technology, and designed identity authentication and encrypted transmission protocols for the power user electricity consumption information acquisition system, which has improved the security of the system to a certain extent.
However, as the business volume and business types carried by the power information acquisition system keep increasing, the influence of the security vulnerabilities and attack methods inherent in the Internet on the master station of the power information acquisition system is increasingly significant, and existing power information security protection technology and related protocols cannot meet the security requirements of the current power information acquisition system.
Summary of the invention
To solve the above problems, according to one aspect of the invention, a secure application data link layer communication method for a power information acquisition system is provided, including:
The terminal composes secure application data link layer (SAL) login and heartbeat messages to log in to the communication server;
A session is established between the terminal and the acquisition server;
The acquisition server initiates data interaction;
The terminal reports data;
Wherein, during acquisition-server-initiated data interaction and terminal data reporting, data exchanged between the terminal and the security gateway is encapsulated in the SSL protocol format to provide encryption protection, and data exchanged between the security gateway and the acquisition server is encapsulated in the APP protocol format to provide encryption protection.
Preferably, establishing a session between the terminal and the acquisition server includes the acquisition server actively initiating the session and the terminal requesting to initiate the session.
Preferably, the terminal composing SAL login and heartbeat messages to log in to the communication server is as follows:
The terminal composes the SAL login and heartbeat messages and sends them to the communication server;
The communication server judges the integrity and legitimacy of the SAL login and heartbeat messages. If they are incomplete or illegal, the communication server composes a deny-response SAL message and sends it to the terminal; if they are complete and legal, it sends the SAL login and heartbeat messages to the security gateway;
The security gateway judges the integrity and legitimacy of the SAL login and heartbeat messages. If they are incomplete or illegal, the security gateway composes a deny-response SAL message and sends it to the terminal; if they are complete and legal, it changes the value of the data encoding identifier C_APP to 1, encapsulates the SAL login and heartbeat messages in the APP protocol format, and sends them to the acquisition server;
The acquisition server unseals the encapsulated SAL login and heartbeat messages, then generates an SAL login response message in the APP protocol format and sends it to the security gateway;
The security gateway judges the integrity and legitimacy of the SAL login response message. If it is complete and legal, the gateway changes the value of C_APP to 0, converts the APP-format SAL login response message to the SSL format, and sends it to the communication server;
The communication server sends the SAL login response message to the corresponding terminal according to the destination address of the SAL login response message.
Preferably, the acquisition server actively initiating a session is as follows:
The acquisition server encrypts the session key agreement data to form a private command and sends it to the security gateway, to notify the security gateway to send the terminal a request to establish an SAL session;
The security gateway decrypts the private command to obtain the session key agreement data, sets the value of C_APP to 0, composes an establish-session request SAL data frame, encapsulates it in the SSL protocol format, and sends it to the communication server;
The communication server sends the establish-session request SAL data frame to the terminal corresponding to the destination address of that frame;
The terminal parses the establish-session request SAL data frame and verifies the identity of the acquisition server, produces the session establishment confirmation data and encrypts it using the terminal key, and composes an establish-session response SAL data frame that is sent to the communication server;
The communication server checks the integrity and legitimacy of the establish-session response SAL data frame. If the frame is incomplete or illegal, the communication server composes a deny-response SAL message and sends it to the terminal; if the frame is complete and legal, it sends the establish-session response SAL data frame to the security gateway;
The security gateway judges the integrity and legitimacy of the establish-session response SAL data frame. If the frame is complete and legal, the gateway decrypts it using the terminal public key, changes the value of C_APP to 1, encapsulates the resulting session establishment confirmation data in the APP protocol format, and sends it to the acquisition server;
The acquisition server receives the session establishment confirmation data in the APP protocol format, unseals it, and records the result of the terminal establishing the session.
Preferably, the terminal requesting to initiate a session is as follows:
The terminal obtains the relevant information of the terminal embedded security control (ESAM) chip, composes a request-to-establish-session SAL data frame, encapsulates it in the SSL protocol format, and sends it to the communication server;
The communication server checks the integrity and legitimacy of the request-to-establish-session SAL data frame. If the frame is incomplete or illegal, the communication server composes a deny-response SAL message and sends it to the terminal; if the frame is complete and legal, it sends the frame to the security gateway;
The security gateway judges the integrity and legitimacy of the request-to-establish-session SAL data frame. If the frame is incomplete or illegal, the security gateway composes a deny-response SAL message and sends it to the terminal; if the frame is complete and legal, it changes the value of C_APP to 1, encapsulates the frame in the APP protocol format, and sends it to the acquisition server;
The acquisition server unseals the encapsulated request-to-establish-session SAL data frame, composes a confirm/deny SAL response frame, and sends it to the security gateway;
The security gateway changes the value of C_APP to 0, encapsulates the confirm/deny SAL response frame in the SSL protocol format, and sends it to the communication server, which in turn sends the encapsulated confirm/deny SAL response frame to the terminal.
Preferably, the acquisition server initiating data interaction is as follows:
The acquisition server composes a plaintext 1376.1/task data (OOP) data frame and sends it to the security gateway;
The security gateway checks the integrity and legitimacy of the plaintext 1376.1/OOP data frame. If the frame is complete and legal, the gateway changes the value of C_APP to 0, encrypts the plaintext 1376.1/OOP data frame based on the public key of the terminal, encapsulates it as an SAL data frame in the SSL protocol format, and sends it to the communication server;
The communication server sends the SAL data frame to the corresponding terminal according to the destination address of the SAL data frame;
The terminal decrypts the SAL data frame to obtain the plaintext 1376.1/OOP data frame, composes a plaintext 1376.1/OOP response data frame after data processing, encrypts it to form an SAL response data frame ciphertext, and sends it to the communication server;
The communication server checks the integrity and legitimacy of the SAL response data frame ciphertext. If it is complete and legal, the communication server forwards the SAL response data frame ciphertext to the security gateway;
The security gateway checks the integrity and legitimacy of the SAL response data frame ciphertext. If it is complete and legal, the gateway decrypts it to obtain the plaintext 1376.1/OOP response data frame, changes the value of C_APP to 1, encapsulates the plaintext 1376.1/OOP response data frame as data in the APP protocol format, and sends it to the acquisition server;
After receiving the encapsulated plaintext 1376.1/OOP response data frame, the acquisition server processes it according to its content.
OOP is task data, and 1376.1/OOP data frames are task data frames conforming to Q/GDW1376.1-2012, the power consumer electricity consumption information acquisition system communication protocol, Part 1: master station and acquisition terminal communication protocol.
Preferably, the terminal reporting data is as follows:
The terminal generates a plaintext 1376.1/OOP data frame, encrypts it to form an SAL data frame ciphertext, and sends it to the communication server;
The communication server checks the integrity and legitimacy of the SAL data frame ciphertext. If it is incomplete or illegal, the communication server composes a deny-response SAL message and sends it to the terminal; if it is complete and legal, it sends the SAL data frame ciphertext to the security gateway;
The security gateway checks the integrity and legitimacy of the SAL data frame ciphertext. If it is incomplete or illegal, the security gateway composes a deny-response SAL message and sends it to the terminal; if it is complete and legal, the gateway decrypts the SAL data frame ciphertext into the plaintext 1376.1/OOP data frame, changes the value of C_APP to 1, encapsulates the plaintext 1376.1/OOP data frame in the APP protocol format, and sends it to the acquisition server;
After receiving the encapsulated plaintext 1376.1/OOP data frame, the acquisition server processes it, composes a plaintext 1376.1/OOP response data frame, and sends it to the security gateway;
The security gateway checks the integrity and legitimacy of the plaintext 1376.1/OOP response data frame. If it is complete and legal, the gateway changes the value of C_APP to 0, encrypts the plaintext 1376.1/OOP response data frame using the terminal public key, encapsulates it as an SAL response data frame ciphertext in the SSL protocol format, and sends it to the communication server;
The communication server sends the SAL response data frame ciphertext to the corresponding terminal according to the destination address of the SAL response data frame ciphertext;
After receiving the SAL response data frame ciphertext, the terminal decrypts it to obtain the plaintext 1376.1/OOP response data frame and carries out data processing according to the content of that frame.
Preferably, a C_APP value of 0 indicates that the current data frame is encapsulated in the SSL protocol format, and a C_APP value of 1 indicates that the current data frame is encapsulated in the APP format.
Preferably, the relevant information of the terminal ESAM chip is the terminal serial number, the communication protocol version number and the encryption algorithm.
According to another aspect of the invention, a secure application data link layer device for a power information acquisition system is provided, including:
A terminal, used to compose heartbeat messages to log in to the communication server, establish a session with the acquisition server, carry out data interaction, and report data;
A communication server, used to check the integrity and legitimacy of the data frames produced during session establishment and data interaction between the terminal and the acquisition server;
A security gateway, used to check the integrity and legitimacy of the data frames produced during session establishment and data interaction between the terminal and the acquisition server, and to perform APP protocol or SSL protocol format encapsulation and encryption/decryption on those data frames; and
An acquisition server, used to establish a session with the terminal, carry out data interaction, and process data.
Building on the existing application-layer encryption protocol based on the key and digital certificate management service system, the invention establishes a link-layer encryption-protected communication method for the power information acquisition system and increases the security of the power information acquisition system.
Brief description of the drawings
The exemplary embodiments of the invention can be understood more fully by reference to the following drawings:
Fig. 1 is a flow chart of the secure application data link layer communication method for a power information acquisition system according to a preferred embodiment of the invention;
Fig. 2 is a schematic flow chart of the terminal composing secure application data link layer SAL login and heartbeat messages to log in to the communication server according to a preferred embodiment of the invention;
Fig. 3 is a schematic flow chart of the acquisition server actively initiating a session according to a preferred embodiment of the invention;
Fig. 4 is a schematic flow chart of the terminal requesting to initiate a session according to a preferred embodiment of the invention;
Fig. 5 is a schematic flow chart of the acquisition server initiating data interaction according to a preferred embodiment of the invention;
Fig. 6 is a schematic flow chart of the terminal reporting data according to a preferred embodiment of the invention; and
Fig. 7 is a structural diagram of the secure application data link layer device for a power information acquisition system according to a preferred embodiment of the invention.
Embodiments
Exemplary embodiments of the invention are now described with reference to the drawings. The invention may, however, be implemented in many different forms and is not limited to the embodiments described here; these embodiments are provided so that the disclosure is thorough and complete and fully conveys the scope of the invention to those of ordinary skill in the art. The terms used in the exemplary embodiments illustrated in the drawings do not limit the invention. In the drawings, identical units/elements use identical reference numerals.
Unless otherwise stated, terms (including scientific and technical terms) used here have the meaning commonly understood by those of ordinary skill in the art. In addition, terms defined in commonly used dictionaries should be understood as having a meaning consistent with the context of the relevant field, and should not be interpreted in an idealized or overly formal sense.
Fig. 1 is a flow chart of the secure application data link layer communication method for a power information acquisition system according to a preferred embodiment of the invention. As shown in Fig. 1, in method 100 the terminal first composes secure application data link layer SAL login and heartbeat messages to log in to the communication server; a session is then established between the terminal and the acquisition server; the acquisition server then initiates data interaction and the terminal reports data, which completes the communication. During acquisition-server-initiated data interaction and terminal data reporting, data exchanged between the terminal and the security gateway is encapsulated in the SSL protocol format to provide encryption protection, and data exchanged between the security gateway and the acquisition server is encapsulated in the APP protocol format to provide encryption protection. Link-transport encryption protection is established between the security gateway and the terminal, ensuring the security of data transmitted between the terminal and the security gateway. Preferably, there are two ways of establishing a session between the terminal and the acquisition server: the acquisition server actively initiates the session, or the terminal requests to initiate the session. In actual use, the power information acquisition system chooses the session establishment mode according to actual conditions.
Fig. 2 is a schematic flow chart of the terminal composing secure application data link layer SAL login frames and heartbeat messages to log in to the communication server according to a preferred embodiment of the invention. As shown in Fig. 2, the terminal first composes the SAL login and heartbeat messages and sends them to the communication server. After receiving the SAL login and heartbeat messages, the communication server first checks their integrity and legitimacy. Only when the SAL login and heartbeat messages are complete and legal does the communication server forward them to the security gateway; at this point the value of the data encoding identifier C_APP is 0, indicating that the current SAL login and heartbeat messages are SSL-format encapsulated data. When the SAL login and heartbeat messages are incomplete and/or illegal, the communication server composes a deny-response SAL message and sends it to the terminal, and this communication ends. When the communication server judges that the SAL login and heartbeat messages are complete and legal, it sends them to the security gateway. After receiving the SAL login and heartbeat messages, the security gateway likewise judges their integrity and legitimacy. If they are incomplete and/or illegal, the security gateway composes a deny-response SAL message and sends it to the terminal; if they are complete and legal, the gateway changes the value of C_APP to 1, encapsulates the SAL login and heartbeat messages in the APP protocol format, and sends them to the acquisition server. After receiving the encapsulated SAL login and heartbeat messages, the acquisition server unseals them, then generates an SAL login response message in the APP protocol format and sends it to the security gateway. After receiving the SAL login response message, the security gateway judges its integrity and legitimacy; if it is complete and legal, the gateway changes the value of C_APP to 0, converts the APP-format SAL login response message to the SSL format, and sends it to the communication server. The communication server sends the SAL login response message to the corresponding terminal according to the destination address of the SAL login response message, which completes the operation of the terminal composing SAL login and heartbeat messages to log in to the communication server. Preferably, the security gateway and the communication server use the same method to judge the integrity and legitimacy of data: legitimacy is judged by checking the coding rule of the data frame, and integrity is judged by checking the data length.
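The Fig. 2 login relay, modelled as an added example (not code from the patent). The frame layout, delimiter bytes, the `DENY` and `LOGIN-OK` payloads and all function names are assumptions; the page supplies only the C_APP values, the accept/deny branches, and the rule that legitimacy is checked against the frame's coding rule and integrity against its length.

```python
import struct

# Hypothetical SAL frame layout (an assumption, not taken from the patent):
#   0x68 | payload length (2 bytes) | C_APP (1) | address (2) | payload | 0x16
START, END = 0x68, 0x16
HEADER = struct.Struct(">BHBH")
OVERHEAD = HEADER.size + 1            # header plus the end delimiter
C_APP_SSL, C_APP_APP = 0, 1           # from the page: 0 = SSL format, 1 = APP format


def build_frame(c_app, addr, payload):
    return HEADER.pack(START, len(payload), c_app, addr) + payload + bytes([END])


def parse(frame):
    """Return (C_APP, address, payload); call only on frames that passed accept()."""
    _, length, c_app, addr = HEADER.unpack_from(frame)
    return c_app, addr, frame[HEADER.size:HEADER.size + length]


def is_complete(frame):
    """Integrity as the page defines it: the declared length matches the data."""
    if len(frame) < OVERHEAD:
        return False
    return HEADER.unpack_from(frame)[1] == len(frame) - OVERHEAD


def is_legal(frame):
    """Legitimacy as the page defines it: the frame obeys its coding rule."""
    if len(frame) < OVERHEAD:
        return False
    start, _, c_app, _ = HEADER.unpack_from(frame)
    return start == START and frame[-1] == END and c_app in (C_APP_SSL, C_APP_APP)


def accept(frame):
    # The communication server and the security gateway apply the same test.
    return is_complete(frame) and is_legal(frame)


def set_c_app(frame, value):
    _, addr, payload = parse(frame)
    return build_frame(value, addr, payload)


def deny_frame(terminal_addr):
    # Deny-response SAL message; it travels back to the terminal in SSL format.
    return build_frame(C_APP_SSL, terminal_addr, b"DENY")


def communication_server_uplink(frame, terminal_addr):
    if not accept(frame):
        return "deny", deny_frame(terminal_addr)
    return "forward", frame


def security_gateway_uplink(frame, terminal_addr):
    if not accept(frame):
        return "deny", deny_frame(terminal_addr)
    return "forward", set_c_app(frame, C_APP_APP)    # re-encapsulate as APP format


def acquisition_server(app_frame):
    _, addr, _ = parse(app_frame)                    # "unseal" the login message
    return build_frame(C_APP_APP, addr, b"LOGIN-OK")


def security_gateway_downlink(app_frame):
    if not accept(app_frame):
        return "drop", None      # the page describes only the accept branch here
    return "forward", set_c_app(app_frame, C_APP_SSL)


def login_flow(frame, terminal_addr):
    """Run one login message through every hop; return (trace, frame for terminal)."""
    trace = []
    verdict, out = communication_server_uplink(frame, terminal_addr)
    trace.append(("communication server", verdict))
    if verdict == "deny":
        return trace, out
    verdict, out = security_gateway_uplink(out, terminal_addr)
    trace.append(("security gateway", verdict))
    if verdict == "deny":
        return trace, out
    response = acquisition_server(out)
    trace.append(("acquisition server", "respond"))
    verdict, out = security_gateway_downlink(response)
    trace.append(("security gateway", verdict))
    return trace, out            # the communication server routes it by address


if __name__ == "__main__":
    login = build_frame(C_APP_SSL, 0x0102, b"LOGIN")     # constructed sample frame
    for name, sample in (("valid", login), ("truncated", login[:-3])):
        trace, out = login_flow(sample, 0x0102)
        print(name, trace, parse(out))
```

Both checks are structural: `accept()` also returns true for a frame whose payload bytes were altered without changing its length, so detecting modified content is not something these two checks provide.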
Fig. 3 is a flow diagram of the acquisition server actively initiating a session, according to a preferred embodiment of the present invention. Setting up a session between the terminal and the acquisition server includes two cases: the acquisition server actively initiating the session, and the terminal requesting to initiate the session. As shown in Fig. 3, when the acquisition server actively initiates a session, it first encrypts the session key agreement data to form a private command and sends the command to the security gateway, to notify the security gateway to send the terminal a request to set up an SAL session. After receiving the private command, the security gateway decrypts it using the public key of the acquisition server to obtain the session key agreement data, composes a set-up-session request SAL data frame and sends it to the communication server. According to the destination address of the received set-up-session request SAL data frame, the communication server sends the frame to the terminal corresponding to that address. The terminal parses the received set-up-session request SAL data frame and verifies the identity of the acquisition server, then produces the session confirmation data and encrypts it using the cryptographic protocol contained in the terminal ESAM chip, composing a set-up-session response SAL data frame that is sent to the communication server. After receiving the set-up-session response SAL data frame, the communication server checks its integrity and legitimacy. If the frame is incomplete or illegal, the communication server composes a denial response SAL message and sends it to the terminal; if the frame is complete and legal, the communication server sends it to the security gateway. After receiving the set-up-session response SAL data frame, the security gateway likewise judges its integrity and legitimacy. If the frame is complete and legal, the security gateway decrypts it using the public key of the encryption chip contained in the terminal ESAM chip, encapsulates the resulting session confirmation data in APP protocol format and sends it to the acquisition server. The acquisition server receives the session confirmation data in APP protocol format, unpacks it and records the result of the terminal setting up the session. Preferably, the identity of the acquisition server is verified by digital certificate signature verification.
Fig. 4 is a flow diagram of the terminal requesting to initiate a session, according to a preferred embodiment of the present invention. As shown in Fig. 4, when the terminal requests to initiate a session, it first obtains the relevant information of the terminal embedded security control (ESAM) chip, composes a request-to-set-up-session SAL data frame and sends it to the communication server. After receiving the request-to-set-up-session SAL data frame, the communication server checks its integrity and legitimacy. If the frame is incomplete or illegal, the communication server composes a denial response SAL message and sends it to the terminal, and the terminal-requested session flow ends. If the frame is complete and legal, the communication server sends it to the security gateway. After receiving the request-to-set-up-session SAL data frame, the security gateway judges its integrity and legitimacy. If the frame is incomplete or illegal, the security gateway composes a denial response SAL message and sends it to the terminal, and the terminal-requested session flow ends. If the frame is complete and legal, the security gateway changes the value of C_APP to 1, encapsulates the request-to-set-up-session SAL data frame in APP protocol format and sends it to the acquisition server. The acquisition server unpacks the encapsulated request-to-set-up-session SAL data frame and, according to the actual situation, composes a confirm SAL response frame or a deny SAL response frame and sends it to the security gateway. After receiving the confirm SAL response frame or deny SAL response frame, the security gateway changes the value of C_APP to 0, encapsulates the frame in SSL protocol format and sends it to the communication server, and the communication server in turn sends the encapsulated confirm SAL response frame or deny SAL response frame to the terminal. Preferably, the relevant information of the terminal ESAM chip is the terminal serial number, the communication protocol version number and AES.
Fig. 5 is a flow diagram of the acquisition server initiating data interaction, according to a preferred embodiment of the present invention. After the terminal and the acquisition server have set up a session, data interaction is initiated by the acquisition server. As shown in Fig. 5, the acquisition server first composes a plaintext 1376.1/OOP data frame and sends it to the security gateway. OOP here refers to task data, and a 1376.1/OOP data frame is a task data frame conforming to Part 1 of the Q/GDW1376.1-2012 power user electricity consumption information acquisition system communication protocol: master station and acquisition terminal communication protocol. The security gateway checks the integrity and legitimacy of the received plaintext 1376.1/OOP data frame. If the frame is complete and legal, the security gateway changes the value of C_APP to 0, encrypts the plaintext 1376.1/OOP data frame using the public key of the terminal, encapsulates it as an SAL data frame in SSL protocol format and sends it to the communication server. The communication server then sends the SAL data frame to the corresponding terminal according to the destination address of the SAL data frame. The terminal decrypts the received SAL data frame with the terminal key to obtain the plaintext 1376.1/OOP data frame, composes a plaintext 1376.1/OOP response data frame after processing the data, encrypts it with the private key of the terminal to form an SAL response data frame ciphertext and sends the ciphertext to the communication server. The communication server checks the integrity and legitimacy of the received SAL response data frame ciphertext and, when it is complete and legal, forwards it to the security gateway. The security gateway checks the integrity and legitimacy of the received SAL response data frame ciphertext. If it is complete and legal, the security gateway decrypts it using the public key of the terminal to obtain the plaintext 1376.1/OOP response data frame, changes the value of C_APP to 1, encapsulates the plaintext 1376.1/OOP response data frame as data in APP protocol format and sends it to the acquisition server. After receiving the encapsulated plaintext 1376.1/OOP response data frame, the acquisition server processes it.
Fig. 6 is a flow diagram of the terminal reporting data, according to a preferred embodiment of the present invention. As shown in Fig. 6, when the terminal reports data, it first generates a plaintext 1376.1/OOP data frame, encrypts it with the terminal key to form an SAL data frame ciphertext and sends the ciphertext to the communication server. The communication server checks the integrity and legitimacy of the received SAL data frame ciphertext. If it is incomplete or illegal, the communication server composes a denial response SAL message and sends it to the terminal, and the terminal data reporting flow ends. If it is complete and legal, the communication server sends the SAL data frame ciphertext to the security gateway. The security gateway checks the integrity and legitimacy of the received SAL data frame ciphertext. If it is incomplete or illegal, the security gateway composes a denial response SAL message and sends it to the terminal, and the terminal data reporting flow ends. If it is complete and legal, the security gateway decrypts the SAL data frame ciphertext into the plaintext 1376.1/OOP data frame using the terminal public key, changes the value of C_APP to 1, encapsulates the plaintext 1376.1/OOP data frame in APP protocol format and sends it to the acquisition server. After receiving the encapsulated plaintext 1376.1/OOP data frame, the acquisition server processes it, composes a plaintext 1376.1/OOP response data frame and sends it to the security gateway. The security gateway checks the integrity and legitimacy of the received plaintext 1376.1/OOP response data frame. If it is complete and legal, the security gateway changes the value of C_APP to 0, encrypts the plaintext 1376.1/OOP response data frame using the public key of the terminal, encapsulates it as an SAL response data frame ciphertext in SSL protocol format and sends it to the communication server. The communication server sends the SAL response data frame ciphertext to the corresponding terminal according to its destination address. After receiving the SAL response data frame ciphertext, the terminal decrypts it to obtain the plaintext 1376.1/OOP response data frame and processes the data according to the content of that frame.
Fig. 7 is a structural diagram of the safety application data link layer device of the power information acquisition system, according to a preferred embodiment of the present invention. As shown in Fig. 7, the safety application data link layer device 700 of the power information acquisition system includes a terminal 701, a communication server 702, a security gateway 703 and an acquisition server 704, wherein there may be multiple terminals 701, provided their number does not exceed the acquisition limit of the acquisition server 704. Preferably, the terminal 701 is used to compose heartbeat messages to log in to the communication server 702, to set up a session and carry out data interaction with the acquisition server 704, and to report data. Preferably, the communication server 702 is used to check the integrity and legitimacy of the data frames produced when a session is set up and data interaction is carried out between the terminal 701 and the acquisition server 703. Preferably, the security gateway 703 is used to check the integrity and legitimacy of the data frames produced when a session is set up and data interaction is carried out between the terminal 701 and the acquisition server 704, and to encapsulate data frames in APP protocol or SSL protocol format and encrypt and decrypt them. Preferably, the acquisition server 704 is used to set up a session and carry out data interaction with the terminal 701, and to process data.
The present invention has been described with reference to a small number of embodiments. However, as is known to those skilled in the art, and as defined by the appended patent claims, embodiments other than those disclosed above equally fall within the scope of the present invention.
Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise herein. All references to "a/the [device, component, etc.]" are to be interpreted openly as referring to at least one instance of said device, component, etc., unless explicitly stated otherwise. The steps of any method disclosed herein need not be performed in the exact order disclosed, unless explicitly stated.

Claims (10)

1. A safety application data link layer communication method for a power information acquisition system, comprising:
The terminal composing safety application data link layer (SAL) login and heartbeat messages to log in to the communication server;
Setting up a session between the terminal and the acquisition server;
The acquisition server initiating data interaction;
The terminal reporting data;
Wherein, while the acquisition server initiates data interaction and the terminal reports data, data exchanged between the terminal and the security gateway is encapsulated in SSL protocol format to realize encryption protection of the data, and data exchanged between the security gateway and the acquisition server is encapsulated in APP protocol format to realize encryption protection of the data.
2. The method according to claim 1, characterized in that setting up a session between the terminal and the acquisition server includes the acquisition server actively initiating a session and the terminal requesting to initiate a session.
3. The method according to claim 1, characterized in that the terminal composing safety application data link layer SAL login and heartbeat messages to log in to the communication server is:
The terminal composes the safety application data link layer SAL login and heartbeat message and sends the SAL login and heartbeat message to the communication server;
The communication server judges the integrity and legitimacy of the SAL login and heartbeat message; if the SAL login and heartbeat message is incomplete or illegal, the communication server composes a denial response SAL message and sends it to the terminal; if the SAL login and heartbeat message is complete and legal, the communication server sends it to the security gateway;
The security gateway judges the integrity and legitimacy of the SAL login and heartbeat message; if the SAL login and heartbeat message is incomplete or illegal, the security gateway composes a denial response SAL message and sends it to the terminal; if the SAL login and heartbeat message is complete and legal, the security gateway changes the value of the data coding identifier C_APP to 1, encapsulates the SAL login and heartbeat message in APP protocol format and sends it to the acquisition server;
The acquisition server unpacks the encapsulated SAL login and heartbeat message, then generates an SAL login response message in APP protocol format and sends it to the security gateway;
The security gateway judges the integrity and legitimacy of the SAL login response message; if the SAL login response message is complete and legal, the security gateway changes the value of C_APP to 0, converts the SAL login response message in APP protocol format to SSL format and sends it to the communication server;
The communication server sends the SAL login response message to the corresponding terminal according to the destination address of the SAL login response message.
4. The method according to claim 2, characterized in that the acquisition server actively initiating a session is:
The acquisition server encrypts the session key agreement data to form a private command and sends it to the security gateway, to notify the security gateway to send the terminal a request to set up an SAL session;
The security gateway decrypts the private command to obtain the session key agreement data, sets the value of C_APP to 0, composes a set-up-session request SAL data frame, encapsulates it in SSL protocol format and sends it to the communication server;
The communication server sends the set-up-session request SAL data frame to the terminal corresponding to the destination address, according to the destination address of the set-up-session request SAL data frame;
The terminal parses the set-up-session request SAL data frame and verifies the identity of the acquisition server, produces the session confirmation data and encrypts it using the terminal key, composing a set-up-session response SAL data frame that is sent to the communication server;
The communication server checks the integrity and legitimacy of the set-up-session response SAL data frame; if the set-up-session response SAL data frame is incomplete or illegal, the communication server composes a denial response SAL message and sends it to the terminal; if the set-up-session response SAL data frame is complete and legal, the communication server sends it to the security gateway;
The security gateway judges the integrity and legitimacy of the set-up-session response SAL data frame; if the set-up-session response SAL data frame is complete and legal, the security gateway decrypts it using the terminal public key, changes the value of C_APP to 1, encapsulates the resulting session confirmation data in APP protocol format and sends it to the acquisition server;
The acquisition server receives the session confirmation data in APP protocol format, unpacks it and records the result of the terminal setting up the session.
5. The method according to claim 2, characterized in that the terminal requesting to initiate a session is:
The terminal obtains the relevant information of the terminal embedded security control (ESAM) chip, composes a request-to-set-up-session SAL data frame, encapsulates it in SSL protocol format and sends it to the communication server;
The communication server checks the integrity and legitimacy of the request-to-set-up-session SAL data frame; if the request-to-set-up-session SAL data frame is incomplete or illegal, the communication server composes a denial response SAL message and sends it to the terminal; if the request-to-set-up-session SAL data frame is complete and legal, the communication server sends it to the security gateway;
The security gateway judges the integrity and legitimacy of the request-to-set-up-session SAL data frame; if the request-to-set-up-session SAL data frame is incomplete or illegal, the security gateway composes a denial response SAL message and sends it to the terminal; if the request-to-set-up-session SAL data frame is complete and legal, the security gateway changes the value of C_APP to 1, encapsulates the request-to-set-up-session SAL data frame in APP protocol format and sends it to the acquisition server;
The acquisition server unpacks the encapsulated request-to-set-up-session SAL data frame, composes a confirm/deny SAL response frame and sends it to the security gateway;
The security gateway changes the value of C_APP to 0, encapsulates the confirm/deny SAL response frame in SSL protocol format and sends it to the communication server, and the communication server in turn sends the encapsulated confirm/deny SAL response frame to the terminal.
6. The method according to claim 1, characterized in that the acquisition server initiating data interaction is:
The acquisition server composes a plaintext 1376.1/task data (OOP) data frame and sends it to the security gateway;
The security gateway checks the integrity and legitimacy of the plaintext 1376.1/OOP data frame; if the plaintext 1376.1/OOP data frame is complete and legal, the security gateway changes the value of C_APP to 0, encrypts the plaintext 1376.1/OOP data frame based on the public key of the terminal, encapsulates it as an SAL data frame in SSL protocol format and sends it to the communication server;
The communication server sends the SAL data frame to the corresponding terminal according to the destination address of the SAL data frame;
The terminal decrypts the SAL data frame to obtain the plaintext 1376.1/OOP data frame, composes a plaintext 1376.1/OOP response data frame after processing the data, encrypts it to form an SAL response data frame ciphertext and sends it to the communication server;
The communication server checks the integrity and legitimacy of the SAL response data frame ciphertext; if the SAL response data frame ciphertext is complete and legal, the communication server forwards it to the security gateway;
The security gateway checks the integrity and legitimacy of the SAL response data frame ciphertext; if the SAL response data frame ciphertext is complete and legal, the security gateway decrypts it to obtain the plaintext 1376.1/OOP response data frame, changes the value of C_APP to 1, encapsulates the plaintext 1376.1/OOP response data frame as data in APP protocol format and sends it to the acquisition server;
After receiving the encapsulated plaintext 1376.1/OOP response data frame, the acquisition server processes it.
7. The method according to claim 1, characterized in that the terminal reporting data is:
The terminal generates a plaintext 1376.1/OOP data frame, encrypts it to form an SAL data frame ciphertext and sends it to the communication server;
The communication server checks the integrity and legitimacy of the SAL data frame ciphertext; if the SAL data frame ciphertext is incomplete or illegal, the communication server composes a denial response SAL message and sends it to the terminal; if the SAL data frame ciphertext is complete and legal, the communication server sends it to the security gateway;
The security gateway checks the integrity and legitimacy of the SAL data frame ciphertext; if the SAL data frame ciphertext is incomplete or illegal, the security gateway composes a denial response SAL message and sends it to the terminal; if the SAL data frame ciphertext is complete and legal, the security gateway decrypts it into the plaintext 1376.1/OOP data frame, changes the value of C_APP to 1, encapsulates the plaintext 1376.1/OOP data frame in APP protocol format and sends it to the acquisition server;
After receiving the encapsulated plaintext 1376.1/OOP data frame, the acquisition server processes it, composes a plaintext 1376.1/OOP response data frame and sends it to the security gateway;
The security gateway checks the integrity and legitimacy of the plaintext 1376.1/OOP response data frame; if the plaintext 1376.1/OOP response data frame is complete and legal, the security gateway changes the value of C_APP to 0, encrypts the plaintext 1376.1/OOP response data frame using the terminal public key, encapsulates it as an SAL response data frame ciphertext in SSL protocol format and sends it to the communication server;
The communication server sends the SAL response data frame ciphertext to the corresponding terminal according to the destination address of the SAL response data frame ciphertext;
After receiving the SAL response data frame ciphertext, the terminal decrypts it to obtain the plaintext 1376.1/OOP response data frame and processes the data according to the content of the plaintext 1376.1/OOP response data frame.
8. The method according to any one of claims 3, 5, 6 and 7, characterized in that a C_APP value of 0 indicates that the current data frame is encapsulated in SSL protocol format, and a C_APP value of 1 indicates that the current data frame is encapsulated in APP format.
9. The method according to claim 5, characterized in that the relevant information of the terminal ESAM chip is the terminal serial number, the communication protocol version number and AES.
10. A safety application data link layer device for a power information acquisition system, comprising:
A terminal, for composing heartbeat messages to log in to the communication server, setting up a session and carrying out data interaction with the acquisition server, and reporting data;
A communication server, for checking the integrity and legitimacy of the data frames produced when a session is set up and data interaction is carried out between the terminal and the acquisition server;
A security gateway, for checking the integrity and legitimacy of the data frames produced when a session is set up and data interaction is carried out between the terminal and the acquisition server, and for encapsulating the data frames in APP protocol or SSL protocol format and encrypting and decrypting them; and
An acquisition server, for setting up a session and carrying out data interaction with the terminal, and for processing data.
CN201710197813.8A 2017-03-29 2017-03-29 Safety application data link layer equipment of electricity utilization information acquisition system and communication method Active CN106941491B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710197813.8A CN106941491B (en) 2017-03-29 2017-03-29 Safety application data link layer equipment of electricity utilization information acquisition system and communication method

Publications (2)

Publication Number Publication Date
CN106941491A true CN106941491A (en) 2017-07-11
CN106941491B CN106941491B (en) 2020-08-21

Family

ID=59463947

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710197813.8A Active CN106941491B (en) 2017-03-29 2017-03-29 Safety application data link layer equipment of electricity utilization information acquisition system and communication method

Country Status (1)

Country Link
CN (1) CN106941491B (en)

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102111265A (en) * 2011-01-13 2011-06-29 中国电力科学研究院 Method for encrypting embedded secure access module (ESAM) of power system acquisition terminal
WO2012097489A1 (en) * 2011-01-19 2012-07-26 四川电力科学研究院 Intelligent electric meter centralized recharging terminal and control method thereof
WO2015192174A1 (en) * 2014-06-20 2015-12-23 Kortek Industries Pty Ltd Wireless power control, metrics and management
CN104123134A (en) * 2014-07-07 2014-10-29 四川中电启明星信息技术有限公司 Intelligent electricity use data management method and system based on AMI and J2EE
CN104243595A (en) * 2014-09-24 2014-12-24 国家电网公司 IPv6 (Internet protocol version 6) based electricity information collection system and method
CN106411907A (en) * 2016-10-13 2017-02-15 广西咪付网络技术有限公司 Data transmission method and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
赵兵, 高欣, 翟峰, 陈鹏, 王鑫: "A mutual authentication protocol for power consumption information acquisition systems", Power System Technology (《电网技术》) *

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107634889B (en) * 2017-10-17 2019-12-03 珠海格力电器股份有限公司 A kind of device intelligence Synergistic method and device
CN107634889A (en) * 2017-10-17 2018-01-26 珠海格力电器股份有限公司 A kind of device intelligence Synergistic method and device
CN108769072A (en) * 2018-07-03 2018-11-06 湖北文理学院 Establish the method, apparatus and communication system of connection
CN109309688A (en) * 2018-12-04 2019-02-05 长园深瑞继保自动化有限公司 New energy power station progress control method based on cloud monitoring and Data Encryption Transmission
CN109615742A (en) * 2018-12-11 2019-04-12 深圳市万物云科技有限公司 A kind of wireless entrance guard control method and device based on LoRaWAN
CN110111094A (en) * 2019-05-17 2019-08-09 充之鸟(深圳)新能源科技有限公司 Electricity charge Automated Clearing House system and method between charging pile operator and property
CN110225004B (en) * 2019-05-24 2021-11-09 武汉虹信技术服务有限责任公司 Data acquisition system and method for community security weak current subsystem
CN110225004A (en) * 2019-05-24 2019-09-10 武汉虹信技术服务有限责任公司 A kind of data collection system and method for community security protection weak electronic system
CN110278280A (en) * 2019-06-27 2019-09-24 江苏中海昇物联科技有限公司 Building site data integrated system and integration method based on Internet of Things
CN113163395A (en) * 2020-01-07 2021-07-23 阿里巴巴集团控股有限公司 Method and device for communication between terminal and server and key configuration
CN114422256A (en) * 2022-01-24 2022-04-29 南京南瑞信息通信科技有限公司 High-performance security access method and device based on SSAL/SSL protocol
CN114422256B (en) * 2022-01-24 2023-11-17 南京南瑞信息通信科技有限公司 High-performance security access method and device based on SSAL/SSL protocol
CN116074048A (en) * 2022-12-20 2023-05-05 广州辰创科技发展有限公司 High-speed thing allies oneself with intelligent gateway equipment system
CN116074048B (en) * 2022-12-20 2023-11-14 广州辰创科技发展有限公司 High-speed thing allies oneself with intelligent gateway equipment system

Also Published As

Publication number Publication date
CN106941491B (en) 2020-08-21

Similar Documents

Publication Publication Date Title
CN106941491A (en) The safety application data link layer device and communication means of power information acquisition system
US10547594B2 (en) Systems and methods for implementing data communication with security tokens
CN109088870B (en) Method for safely accessing acquisition terminal of power generation unit of new energy plant station to platform
CN103491072B (en) A kind of border access control method based on double unidirection insulation network brakes
JP3688830B2 (en) Packet transfer method and packet processing apparatus
CN101371550B (en) Method and system for automatically and freely providing user of mobile communication terminal with service access warrant of on-line service
CN102347870B (en) A kind of flow rate security detection method, equipment and system
US20060206433A1 (en) Secure and authenticated delivery of data from an automated meter reading system
CN111245862A (en) System for safely receiving and sending terminal data of Internet of things
CN101558599B (en) Client device, mail system, program, and recording medium
CN111918284B (en) Safe communication method and system based on safe communication module
CN106685775A (en) Self-inspection type invasion prevention method and system for intelligent household electrical appliance
CN104869111B (en) A kind of trusted end-user access authentication system and method
CN104283675A (en) Concentrator, electricity meter and message processing method of concentrator and electricity meter
CN111988328A (en) Safety guarantee method and system for acquiring terminal data of power generation unit of new energy plant station
CN101729871B (en) Method for safe cross-domain access to SIP video monitoring system
CN112911588A (en) Lightweight narrowband Internet of things secure transmission method and system
KR102190618B1 (en) Apparatus and method for securing train control message
CN114157509B (en) Encryption method and device with SSL and IPsec based on cryptographic algorithm
CN104065660A (en) Remote host access control method
CN210839642U (en) Device for safely receiving and sending terminal data of Internet of things
CN110881026A (en) Method and system for authenticating identity of information acquisition terminal user
CN115208696B (en) Remote communication method and device for substation telecontrol device
Mei et al. Realization of communication security in substation
CN115835194B (en) NB-IOT terminal safety access system and access method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant